Will Google Android's new APK scanning feature affect GrapheneOS??

Equal2024

Source: https://arstechnica.com/gadgets/2023/10/android-will-now-scan-sideloaded-apps-for-malware-at-install-time/

Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.

While all the language around this makes it sound optional, the two options in the screenshot are "Scan app" and "Don't install app," with no visible option to just install it and skip the scan. There is a "more details" button that could possibly hide a "skip" option, but Google doesn't mention it.

Google is first rolling this feature out in India—a country that topped the malware distribution charts in that 2018 report—with the company saying the feature "will expand to all regions in the coming months."

Is this something we will need to interface with as GrapheneOS users?

paweljott

Equal2024 GrapheneOS is based on AOSP, so I highly doubt any such function would be integrated.

de0u

Equal2024 Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation.

If Play Services is not installed on a GrapheneOS device I doubt this will happen. As to whether it will happen if/where Play is installed, it's much too early to say.

GrapheneOS

Equal2024 GrapheneOS doesn't include Play services. It's possible sandboxed Google Play could add support for using it for users who want it.

applesbana

de0u

@matchboxbananasynergy

Any idea on if graphene protects our privacy from google scanning side loaded apps?

GrapheneOS

applesbana GrapheneOS doesn't contain Google apps and services. It's not based on the stock Pixel OS. Please read the information on our site about what GrapheneOS is.

Relaks

As long as this feature only scans the apk and doesn't send any private data to Google, I would be happy if this were to be included as an optional feature in Sandboxed Play Services.

Max-Zorin

Relaks

Whoa...this is Google they are talking about. Of course they will. Ha Ha :-)

Relaks

Max-Zorin :-)

[deleted]

Max-Zorin Do you have any evidence that app data is shared with Google or Are you just being sarcastic? (⁠-⁠_⁠-⁠;⁠)

[deleted]

This feature is handled by Google Play store (com.android.vending). This feature cannot be used on GrapheneOS, because Google Play store will need to have an signature|privileged permission called PACKAGE_VERIFICATION_AGENT, which is given only to system apps. GrapheneOS can obviously grant this permission to Google Play store at runtime, but I highly doubt GrapheneOS developers would make an mechanism for that.